A survey of the fundamentals of information security. Risks and vulnerabilities, policy formation, controls and protection methods, database security, encryption, authentication technologies, host-based and network-based security issues, personnel and physical security issues, issues of law and privacy.
Discussions during office hours will be held in HAAS G050, or if that fills up, in 143 or G072. If you don't find the TA in the discussion locations, check G018.
Note: You are assigned to a particular PSO, and the PSOs (and course) are full. Please go to your assigned PSO, for two reasons:
Evaluation of instructorsportion of the grade. If you go to a different PSO, it will be hard for them to say things like
this student really knows the material better than their test scores would indicate.
That said, if you can't make a particular PSO some week, it is okay to go to another PSO with the permission of that PSO instructor, but please make sure that there is room for those assigned to the PSO before you take a seat.
By arrangement, LWSN 2142F. I am available by appointment, email some good times and I'll pick what works. Or you can just drop by, I'm often in, and if not tied up with something that has be be finished right away I'll be happy to talk with you. Due to trying to meet with many of the faculty candidates, and the number of interviews scheduled, it has been very difficult to set aside any sort of regular times for office hours this semester - but I am available, just not at the same time every week.
There will be a course email list used for high-priority announcements.
This will use your @purdue.edu
email address; make sure this
is forwarded to someplace you look on a regular basis.
We will be using Gradescope to turn in and comment on assignments; Blackboard will be used for recording and distributing grades, as well as for any other student-specific information about the course.
The course will be taught through lectures, supplemented with reading. The PSO sections will provide an additional opportunity to ask questions and work through problems, and will be the primary venue where the projects will be introduced and discussed. The primary reading will be from the text. The written assignments and projects are also a significant component of the learning experience.
For review (and if you miss a lecture), you can pick them up as an Kaltura vodcast/podcast (accessible through Blackboard.) Be warned that the audio isn't great; you only see what is on the screen, not what is written on the chalkboard; and you can't ask (or answer) questions; so it isn't really a viable alternative to attending lecture.
We will be using Piazza to facilitate discussions; this will enable you to post questions as well as respond to questions posted by others.
The formal prerequisite is CS 25200: Data Structures and Algorithms (or ECE 46900). While not enforced as well as we would like, you should also have CS 25100 or equivalent. (Exercise: Figure out how you could meet the CS 25200 prerequisite requirement without having passed CS 25100. This is an example of the type of flaw that results in information security violations...)
Evaluation is a somewhat subjective process (see my grading standards), however it will be based on your understanding of the material as evidenced in:
Exams will be open note, with two 8.5x11 or A4 pages allowed (e.g., one piece of paper, double-sided) allowed for the first exam, four for the second, and six for the final. If any additional notes are allowed, these will be announced per exam. To avoid a disparity between resources available to different students, and the possibility of using communication-equipped devices in unethical ways, electronic aids are not permitted.
Late work will be penalized 15% per day (24 hour period or fraction thereof).
You are allowed five extension days, to be used at your
discretion throughout the semester (illness, job interviews, etc.)
You must explicitly note that you are using these in the header
of the assignment or it will be considered late (i.e.,
using extension days 2 and 3 for this assignment.
)
Fractional use is not allowed, and this may not be used to
extend submission past the last day of class.
Blackboard will be used to record/distribute grades.
Please read the departmental academic integrity policy above. This will be followed unless I provide written documentation of exceptions. You should also be familiar with the Purdue University Code of Honor and Academic Integrity Guide for Students. You may also find Professor Spafford's course policy useful - while I do not apply it verbatim, it contains detail and some good examples that may help to clarify the policies above and those mentioned below.
In particular, I encourage interaction: you should feel free to discuss the course with other students. However, unless otherwise noted work turned in should reflect your own efforts and knowledge.
For example, if you are discussing an assignment with another student, and you feel you know the material better than the other student, think of yourself as a teacher. Your goal is to make sure that after your discussion, the student is capable of doing similar work independently; their turned-in assignment should reflect this capability. If you need to work through details, try to work on a related, but different, problem.
If you feel you may have overstepped these bounds, or are
not sure, please come talk to me and/or note on what you turn in that
it represents collaborative effort (the same holds for information
obtained from other sources that provided substantial portions
of the solution.) If I feel you have gone beyond
acceptable limits, I will let you know, and if necessary we will find
an alternative way of ensuring you know the material.
Help you receive in such a borderline case
, if cited
and not part of a pattern of egregious behavior,
is not in my opinion academic dishonesty, and will at most
result in a requirement that you demonstrate your knowledge
in some alternate manner.
If you have other issues please feel free to talk to me - if I can't help, I'll try to point you in the right direction. Be aware that due to Title IX and state law, there are some things for which I can't promise confidentiality (but see CARE below).
University Emergency Preparedness instructions
Student Mental Health and Wellbeing: Purdue University is committed to advancing the mental health and wellbeing of its students. If you or someone you know is feeling overwhelmed, depressed, and/or in need of support, services are available. For help, such individuals should contact Counseling and Psychological Services (CAPS) at (765)494-6995 and http://www.purdue.edu/caps/ during and after hours, on weekends and holidays, or through its counselors physically located in the Purdue University Student Health Center (PUSH) and the Psychology building (PSYC) during business hours.
Sexual Violence: Purdue University is devoted to fostering a secure, equitable, and inclusive community. If you or someone you know has been the victim of sexual violence and are interested in seeking help, there are services available. Reporting the incident to any Purdue faculty and certain other employees, including resident assistants, will lead to reference to the Title IX Coordinator, as these individuals are mandatory reporters. The Title IX office can investigate report of sex-based discrimination, sexual harassment, or sexual violence. Title IX ensures that both parties in a reported event have equal opportunity to be heard and participate in a grievance process. To file an online report visit https://cm.maxient.com/reportingform.php?PurdueUniv&layout_id=15 or contact the Title IX coordinator at 765-494-7255.
The Center for Advocacy, Response, and Education (CARE) offers confidential support and advocacy that does not require the filing of a report to the Title IX office. The CARE staff helps each survivor assess their reporting options and access resources that meet personal needs. The CARE office can be found at 205 North Russell Street in Duhme Hall (Windsor), room 143 Monday - Friday 8:00 AM to 5:00 PM. They can also be reached at their 24/7 hotline 765-495-CARE or at CARE@purdue.edu.
And you should always feel free to call, email, or drop by and talk to me (or, if you have an issue with me, to the department head.)
The basic text for this course is:
For those who want a deeper treatment of theory,
you may want to look at:
Matthew Bishop
Computer Security: Art and Science,
Addison-Wesley, 2003. ISBN 0-201-44099-7
If you use this book, you'll want the appropriate
Errata pages.
To access some of the material, you need to be on-campus, or use a VPN to make it appear that you are on campus.
WF
Lessons from designing Security ISA over 20 years
You may also want to see the canonical syllabus, previous offerings of the course from Profs. Spafford and Kate, or my offering of the graduate information security course. If you see something there you like (content, policies, etc.), let me know.
Final Exam
Thursday, May 2, 7:00pm-9:00pm, WTHR 172.
If you have another exam scheduled at that time or you have
three or more exams scheduled that day and would like to reschedule
this exam, please let me know as soon as possible. Note that
conflicting exams are pretty much the only reason for rescheduling,
I bought a ticket to go home earlier
is not an accepted reason for
an exam to be rescheduled.